WordPress DZS Video Gallery plugin <= 12.39 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin DZS Video Gallery versions = 12.39...

WordPress Kids Planet theme <= 2.2.14 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Kids Planet versions = 2.2.14...

WordPress Pix 4x sem juros - Pagaleve plugin <= 1.6.9 - PHP Object Injection Vulnerability

WordPress Pix 4x sem juros - Pagaleve plugin = 1.6.9 - PHP Object Injection Vulnerability discovered by timomangcut Patchstack Alliance in WordPress Plugin Pix 4x sem juros - Pagaleve versions = 1.6.9...

CVE-2025-4803

The CVE-2025-4803 entry concerns WordPress Glossary by WPPedia (

CVE-2025-4803 Glossary by WPPedia <= 1.3.0 - Authenticated (Administrator+) PHP Object Injection

The Glossary by WPPedia – Best Glossary plugin for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.0 via deserialization of untrusted input from the 'posttypes' parameter. This makes it possible for authenticated attackers, with...

CVE-2025-4803 Glossary by WPPedia <= 1.3.0 - Authenticated (Administrator+) PHP Object Injection

The Glossary by WPPedia – Best Glossary plugin for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.0 via deserialization of untrusted input from the 'posttypes' parameter. This makes it possible for authenticated attackers, with...

WordPress Pet World Theme <= 2.8 is vulnerable to PHP Object Injection

Software Pet World Type Theme Vulnerable versions = 2.8 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-32284 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID e46bfa7f1a9a Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

WordPress Finance Consultant Theme <= 2.8 is vulnerable to PHP Object Injection

Software Finance Consultant Type Theme Vulnerable versions = 2.8 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-32293 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID f21e6a47c3bc Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...

WordPress Fish House Theme <= 1.2.7 is vulnerable to PHP Object Injection

Software Fish House Type Theme Vulnerable versions = 1.2.7 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-31631 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID db73d8c2822e Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

WordPress Kids Planet Theme <= 2.2.14 is vulnerable to PHP Object Injection

Software Kids Planet Type Theme Vulnerable versions = 2.2.14 Fixed in 2.2.14.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-48289 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID bcc60af9dea2 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...

WordPress Umberto Theme <= 1.2.8 is vulnerable to PHP Object Injection

Software Umberto Type Theme Vulnerable versions = 1.2.8 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-31423 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 0004b84672d0 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

WordPress Insurance Theme <= 3.5 is vulnerable to PHP Object Injection

Software Insurance Type Theme Vulnerable versions = 3.5 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-31634 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 1abaf10ffee4 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

PT-2025-22341 · WordPress · The Glossary

Name of the Vulnerable Software and Affected Versions: The Glossary by WPPedia – Best Glossary plugin for WordPress versions up to, and including, 1.3.0 Description: The issue is related to PHP Object Injection via deserialization of untrusted input from the posttypes parameter. This allows...

WordPress Glossary by WPPedia plugin <= 1.3.0 - Authenticated (Administrator+) PHP Object Injection vulnerability

Authenticated Administrator+ PHP Object Injection vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Glossary by WPPedia versions = 1.3.0...

WordPress Medicare Theme <= 2.1.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Theme Medicare versions = 2.1.0...

WordPress ZoomSounds plugin <= 6.91 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Plugin ZoomSounds versions = 6.91...

WordPress Avantage Theme <= 2.4.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Theme Avantage versions = 2.4.9...

WordPress DZS Video Gallery plugin <= 12.39 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin DZS Video Gallery versions = 12.39...

WordPress Goodlayers Hotel plugin <= 3.1.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Plugin Goodlayers Hotel versions = 3.1.4...

WordPress Goodlayers Hostel Plugin <= 3.1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Plugin Goodlayers Hostel versions = 3.1.2...